{"schema_version":"0.1","map_id":"paper-31-map","publication_id":31,"publication_anchor":"paper-31","slug":"paper-31","canonical_path":"/knowledge/papers/paper-31/","machine_path":"/knowledge/papers/paper-31.json","root_node_id":"paper-31","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","year":2016,"status":"Published · brief announcement","venue":"ACM Symposium on Principles of Distributed Computing (PODC)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Shlomi Dolev","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky","Moti Yung"],"keywords":["proactive secret sharing","dishonest majority"],"research_question":"Can proactive secret sharing preserve a long-lived secret when passively corrupted parties may form a dishonest majority in one refresh period, while still supporting refresh and recovery in the presence of bounded active faults?","central_answer":"The announcement encodes the secret as many random additive summands and verifiably shares those summands with polynomials of increasing degree. It then gives DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover protocols whose stated thresholds extend passive security beyond an honest majority, at the cost of synchrony, authenticated private channels, secure deletion, non-robust active security, and polynomial communication.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete three-page PODC brief announcement downloaded from the recorded author-hosted route, including visual inspection of its first and technical pages. The map distinguishes stated protocol guarantees from proof details deferred to the full paper.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification. Thresholds, interpretations, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-31-author-pdf","type":"author_hosted_copy","title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf","provenance_category":"author","retrieved_from":"https://web.cs.ucla.edu/~rafail/PUBLIC/193.pdf","media_type":"application/pdf","sha256":"66c0484c3ad92a7849bc3bb4613b730f4d73a5ac0f6bce0fcd05d144d7435cba","page_count":3},{"id":"source-paper-31-official","type":"official_publication_record","title":"ACM PODC 2016 publication record","url":"https://doi.org/10.1145/2933057.2933059","provenance_category":"official"},{"id":"source-paper-31-citation-index","type":"citation_index_snapshot","title":"SciSpace citation listing for the PODC brief announcement","url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-31-problem-results","source_id":"source-paper-31-author-pdf","label":"Problem, claimed novelty, thresholds, and communication","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=1"},{"id":"anchor-paper-31-system-model","source_id":"source-paper-31-author-pdf","label":"Synchronous network, channels, epochs, refresh, and deletion assumptions","locator":"Sections 2.1 and Time Periods and Refresh Phases, PDF pages 1-2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=1"},{"id":"anchor-paper-31-secret-sharing-model","source_id":"source-paper-31-author-pdf","label":"Secret sharing, verifiable sharing, proactive refresh, recovery, and discrete-log commitment assumption","locator":"Section 2.2, PDF page 2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-blueprint","source_id":"source-paper-31-author-pdf","label":"Additive-summand and increasing-degree polynomial blueprint","locator":"Section 3.1, PDF page 2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-share-reconstruct","source_id":"source-paper-31-author-pdf","label":"DM-Share and DM-Reconstruct","locator":"Section 3.2, PDF pages 2-3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-refresh","source_id":"source-paper-31-author-pdf","label":"DM-Refresh and preservation of the shared secret","locator":"Section 3.3, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-recovery","source_id":"source-paper-31-author-pdf","label":"DM-Recover, privacy intuition, and recovery-dependent thresholds","locator":"Section 3.4, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-limitations","source_id":"source-paper-31-author-pdf","label":"Conclusion, non-robust active security, communication, and open questions","locator":"Section 4, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-publication","source_id":"source-paper-31-official","label":"Official PODC publication record","locator":"ACM PODC 2016, DOI 10.1145/2933057.2933059","url":"https://doi.org/10.1145/2933057.2933059"},{"id":"anchor-paper-31-citations","source_id":"source-paper-31-citation-index","label":"Dated citation-count snapshot","locator":"SciSpace listing reported 1 citation when accessed 2026-07-11","url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w"}],"nodes":[{"id":"paper-31","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","summary":"A three-page announcement of a proactive secret-sharing construction that uses additive encoding and verifiable polynomial sharing to exceed the passive honest-majority barrier while retaining bounded recovery and active-fault guarantees.","source_anchor_ids":["anchor-paper-31-problem-results"]},{"id":"paper-31-question","kind":"question","parent_id":"paper-31","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a mobile-adversary PSS scheme remain confidential when passive corruptions within one refresh period may include a dishonest majority, rather than fewer than half of the parties?","source_anchor_ids":["anchor-paper-31-problem-results"]},{"id":"paper-31-answer","kind":"contribution","parent_id":"paper-31","order":2,"epistemic_status":"source_asserted","title":"Central construction","summary":"Split the secret into random additive summands, verifiably share each summand with a polynomial from an increasing-degree family, and refresh or recover those polynomial shares without reconstructing the secret.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-share-reconstruct"]},{"id":"paper-31-scope","kind":"scope","parent_id":"paper-31","order":3,"epistemic_status":"explicitly_scoped","title":"Model and required environment","summary":"The protocol runs among n parties in synchronized epochs over a synchronous network with authenticated broadcast and pairwise private authenticated channels; honest parties erase old shares after refresh.","source_anchor_ids":["anchor-paper-31-system-model"]},{"id":"paper-31-scope-mobile-adversary","kind":"threat_model","parent_id":"paper-31-scope","order":1,"epistemic_status":"defined","title":"Mobile mixed adversary","summary":"The adversary may eventually compromise all parties across the system lifetime, but the stated passive, active, and recovery-dependent thresholds must hold within each refresh period.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-system-model"]},{"id":"paper-31-scope-setup","kind":"assumption","parent_id":"paper-31-scope","order":2,"epistemic_status":"assumed","title":"Communication and reset assumptions","summary":"Synchrony, a global clock, authenticated broadcast, private authenticated channels, restoration to a pristine state, and deletion of obsolete shares are environmental assumptions rather than guarantees constructed by this scheme.","source_anchor_ids":["anchor-paper-31-system-model"]},{"id":"paper-31-scope-commitments","kind":"assumption","parent_id":"paper-31-scope","order":3,"epistemic_status":"computational_assumption","title":"Verifiability assumption","summary":"Active-fault checking uses homomorphic commitments instantiated in the announcement by Feldman VSS, whose hiding/security properties rely on discrete-log hardness over the selected field group.","source_anchor_ids":["anchor-paper-31-secret-sharing-model"]},{"id":"paper-31-construction","kind":"method","parent_id":"paper-31","order":4,"epistemic_status":"specified","title":"Four-protocol PSS construction","summary":"DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover jointly implement sharing, reconstruction, proactive rerandomization, and replacement of shares lost by rebooted or faulty parties.","source_anchor_ids":["anchor-paper-31-share-reconstruct","anchor-paper-31-refresh","anchor-paper-31-recovery"]},{"id":"paper-31-construction-encoding","kind":"method","parent_id":"paper-31-construction","order":1,"epistemic_status":"specified","title":"Additive encoding with increasing degrees","summary":"DM-Share writes s as the sum of n random summands and verifiably shares the summands with polynomials whose degrees increase across the family; reducing the maximum degree reserves interpolation capacity for share recovery.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-share-reconstruct"]},{"id":"paper-31-construction-refresh","kind":"protocol","parent_id":"paper-31-construction","order":2,"epistemic_status":"specified","title":"DM-Refresh","summary":"Each party verifiably distributes a family of random refreshing polynomials whose constant terms sum to zero; adding their evaluations rerandomizes every local share while preserving the encoded secret, after which old shares are deleted.","source_anchor_ids":["anchor-paper-31-refresh"]},{"id":"paper-31-construction-recover","kind":"protocol","parent_id":"paper-31-construction","order":3,"epistemic_status":"specified","title":"DM-Recover","summary":"Non-recovering parties mask their current polynomial shares with random polynomials that vanish at the recovering party's point, allowing that party to interpolate only its replacement shares rather than the secret or current sharing polynomials.","source_anchor_ids":["anchor-paper-31-recovery"]},{"id":"paper-31-claims","kind":"claim_group","parent_id":"paper-31","order":5,"epistemic_status":"source_asserted","title":"Stated guarantees","summary":"The announcement states separate thresholds for passive corruption, active corruption, mixed corruption, lost-share recovery, and batched communication; these guarantees are not interchangeable.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-claim-passive","kind":"claim","parent_id":"paper-31-claims","order":1,"epistemic_status":"claimed_with_protocol_intuition","title":"Passive dishonest-majority confidentiality","summary":"Without lost-share recovery, the paper states confidentiality for t < n passive corruptions in a refresh period; with e simultaneous lost shares or faults, the stated passive threshold becomes t < n - e.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-recovery","anchor-paper-31-limitations"]},{"id":"paper-31-claim-active-mixed","kind":"claim","parent_id":"paper-31-claims","order":2,"epistemic_status":"claimed_non_robust","title":"Active and mixed corruption bounds","summary":"The non-robust construction states security for t < n/2 - e active corruptions and for mixed adversaries whose total may be a majority provided fewer than n/2 - e corruptions are active; detected cheating may cause abort.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-claim-communication","kind":"claim","parent_id":"paper-31-claims","order":3,"epistemic_status":"asymptotic_claim","title":"Communication cost","summary":"The announcement reports O(n^4) communication for one secret and O(n^3) communication when multiple secrets are batched; it leaves lower communication for dishonest-majority PSS open.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-evidence","kind":"evidence_group","parent_id":"paper-31","order":6,"epistemic_status":"bounded_by_brief_announcement","title":"Evidence and proof boundary","summary":"The three-page source specifies the model, encoding blueprint, and protocol mechanisms and gives security intuition, but it does not contain the full definitions, games, lemmas, or complete proofs of the corresponding SCN paper.","source_anchor_ids":["anchor-paper-31-secret-sharing-model","anchor-paper-31-blueprint","anchor-paper-31-recovery"]},{"id":"paper-31-evidence-mechanism","kind":"evidence","parent_id":"paper-31-evidence","order":1,"epistemic_status":"construction_inspected","title":"Mechanism-level support","summary":"The source explains why additive summands resist passive reconstruction, why zero-sum refresh polynomials preserve the secret, and why vanishing recovery masks reveal only the recovering party's replacement evaluations.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-refresh","anchor-paper-31-recovery"]},{"id":"paper-31-boundaries","kind":"limitation_group","parent_id":"paper-31","order":7,"epistemic_status":"material","title":"Limitations and open obligations","summary":"The active guarantee is non-robust, thresholds decrease with parallel recovery, the scheme assumes synchrony and secure erasure, and the brief leaves complete proofs and optimal communication outside its three pages.","source_anchor_ids":["anchor-paper-31-system-model","anchor-paper-31-recovery","anchor-paper-31-limitations"]},{"id":"paper-31-boundary-open","kind":"limitation","parent_id":"paper-31-boundaries","order":1,"epistemic_status":"open_problem","title":"Open communication and asynchrony questions","summary":"The authors ask whether batched communication can fall below O(n^3) and note that no construction in the represented work attains dishonest-majority security up to n - 1 over asynchronous networks.","source_anchor_ids":["anchor-paper-31-limitations"]},{"id":"paper-31-resources","kind":"artifact_group","parent_id":"paper-31","order":8,"epistemic_status":"publicly_available","title":"Publication resources","summary":"The complete brief announcement is checked into this site with recorded fixity, and the ACM DOI provides the official publication identity; no code or executable artifact is claimed by the paper.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-publication"]},{"id":"paper-31-scrutiny","kind":"scrutiny","parent_id":"paper-31","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The construction appeared as a PODC brief announcement. That establishes venue exposure but is not equivalent to a full-paper proof audit, independent reproduction, or public review report.","source_anchor_ids":["anchor-paper-31-publication"]},{"id":"paper-31-lineage","kind":"lineage","parent_id":"paper-31","order":10,"epistemic_status":"documented","title":"Relation to the full construction","summary":"This announcement is the compressed PODC presentation of the dishonest-majority PSS direction; the separate SCN paper contains the extended construction and proof treatment and must be mapped independently as paper #32.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]}],"relations":[{"id":"paper-31-relation-answer-question","type":"addresses","from_id":"paper-31-answer","to_id":"paper-31-question"},{"id":"paper-31-relation-encoding-answer","type":"realizes","from_id":"paper-31-construction-encoding","to_id":"paper-31-answer"},{"id":"paper-31-relation-refresh-construction","type":"component_of","from_id":"paper-31-construction-refresh","to_id":"paper-31-construction"},{"id":"paper-31-relation-recover-construction","type":"component_of","from_id":"paper-31-construction-recover","to_id":"paper-31-construction"},{"id":"paper-31-relation-mechanism-passive","type":"supports","from_id":"paper-31-evidence-mechanism","to_id":"paper-31-claim-passive"},{"id":"paper-31-relation-mechanism-active","type":"supports","from_id":"paper-31-evidence-mechanism","to_id":"paper-31-claim-active-mixed"},{"id":"paper-31-relation-scope-passive","type":"qualifies","from_id":"paper-31-scope","to_id":"paper-31-claim-passive"},{"id":"paper-31-relation-scope-active","type":"qualifies","from_id":"paper-31-scope","to_id":"paper-31-claim-active-mixed"},{"id":"paper-31-relation-boundaries-claims","type":"qualifies","from_id":"paper-31-boundaries","to_id":"paper-31-claims"},{"id":"paper-31-relation-lineage-paper","type":"contextualizes","from_id":"paper-31-lineage","to_id":"paper-31"}],"assessment":{"id":"paper-31-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete brief specifies the model, construction blueprint, protocols, thresholds, and security intuition, but its three pages omit the full formal definitions and proofs. The evidence supports a medium source-grounded rating rather than a claim of complete proof verification.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-blueprint","anchor-paper-31-recovery"]},{"id":"auditability","level":"high","rationale":"A checked-in author-hosted copy with recorded page count and SHA-256, together with the official DOI, makes the represented brief directly auditable. The separate full-paper proof and any immutable artifact history are outside this record.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, date, venue, official DOI, and author-hosted manuscript are documented. Contributor roles, revision history, tool use, and the exact lineage between brief and full versions have not been audited.","basis_source_anchor_ids":["anchor-paper-31-publication","anchor-paper-31-problem-results"]},{"id":"external_scrutiny","level":"medium","rationale":"PODC publication establishes external venue scrutiny, but the review reports, acceptance criteria, rebuttal, independent proof checking, and reproduction history are not public in the represented sources.","basis_source_anchor_ids":["anchor-paper-31-publication"]},{"id":"reception","level":"low","rationale":"The dated index snapshot located 1 citation. Under the author-defined corpus rule, 0 through 8 located citations is Low. Counts vary by index and date and do not measure correctness.","basis_source_anchor_ids":["anchor-paper-31-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source claims the first dishonest-majority PSS feasibility result and clearly identifies the prior honest-majority barrier. Priority and downstream influence require a separate literature and reception audit, so significance remains medium pending author verification.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"SciSpace title and DOI listing","citation_count":1,"source_url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w","signals":["The index displayed one citation for the PODC brief announcement."],"limitation":"Citation counts are index- and date-dependent; the corresponding SCN full paper is a separate record and may receive citations that do not accrue to this brief announcement."}}
